Commit c14c4a9e merged the hash_remove() and hash_add() calls in
multi_process_float(), but didn't notice that the hash key (mi->real) was
updated between these calls. So we now try to remove the *new* address
instead of the *old* address from the hash table. This leaks memory and
might break stuff when a different client floats to the old address/port of
this client. Restore that.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1479575566-21198-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13128.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -2317,6 +2317,10 @@ void multi_process_float (struct multi_context* m, struct multi_instance* mi) |
2317 | 2317 |
mroute_addr_print (&mi->real, &gc), |
2318 | 2318 |
print_link_socket_actual (&m->top.c2.from, &gc)); |
2319 | 2319 |
|
2320 |
+ /* remove old address from hash table before changing address */ |
|
2321 |
+ ASSERT (hash_remove (m->hash, &mi->real)); |
|
2322 |
+ ASSERT (hash_remove (m->iter, &mi->real)); |
|
2323 |
+ |
|
2320 | 2324 |
/* change external network address of the remote peer */ |
2321 | 2325 |
mi->real = real; |
2322 | 2326 |
generate_prefix (mi); |
... | ... |
@@ -2330,8 +2334,8 @@ void multi_process_float (struct multi_context* m, struct multi_instance* mi) |
2330 | 2330 |
|
2331 | 2331 |
tls_update_remote_addr (mi->context.c2.tls_multi, &mi->context.c2.from); |
2332 | 2332 |
|
2333 |
- ASSERT (hash_add (m->hash, &mi->real, mi, true)); |
|
2334 |
- ASSERT (hash_add (m->iter, &mi->real, mi, true)); |
|
2333 |
+ ASSERT (hash_add (m->hash, &mi->real, mi, false)); |
|
2334 |
+ ASSERT (hash_add (m->iter, &mi->real, mi, false)); |
|
2335 | 2335 |
|
2336 | 2336 |
#ifdef MANAGEMENT_DEF_AUTH |
2337 | 2337 |
ASSERT (hash_add (m->cid_hash, &mi->context.c2.mda_context.cid, mi, true)); |